SneakLeak: Detecting multipartite leakage paths in Android apps

In this paper, a technique is proposed to address the threat emerging from multiple colluding Android applications (apps). Existing techniques have focused on single app analysis which may be defeated by scattering leakage-capable path segments across multiple apps. In such a scenario, individual app shall appear benign. Whereas, together with other conspiring apps, if present, can lead to information leakage. This threat is known as app collusion. Relay of private and sensitive information from one app to another is possible via multiple communication mechanisms provided by Android. In this paper, we present SneakLeak, a new model-checking based technique for detection of app collusion. The proposed method analyze multiple apps simultaneously. SneakLeak can identify any set of conspiring apps that might be involved in the collusion. To demonstrate the efficacy of our proposal, we experimented with Android apps exhibiting collusion through inter-app communication. The apps are taken from test dataset named DroidBench. Our experiments show that the technique can precisely detect the presence/absence of collusion among apps.